Implement assigning perms to unblinded users

If we know the blinded user already we translate immediately; if we
don't then we apply the permission to the unblinded id and insert into
the needs_blinding table to be handled as soon as we see the blinded
user.

Author: jagerman

sogs/__main__.py

@@ -265,7 +265,7 @@ def print_room(room: Room):
 
     if args.rooms == ['+']:
         for sid in args.add_moderators:
-            u = User(session_id=sid)
+            u = User(session_id=sid, try_blinding=True)
             u.set_moderator(admin=args.admin, visible=args.visible, added_by=sysadmin)
             print(
                 "Added {} as {} global {}".format(
@@ -284,7 +284,7 @@ def print_room(room: Room):
                 print(f"No such room: '{nsr.token}'", file=sys.stderr)
 
         for sid in args.add_moderators:
-            u = User(session_id=sid)
+            u = User(session_id=sid, try_blinding=True)
             for room in rooms:
                 room.set_moderator(u, admin=args.admin, visible=not args.hidden, added_by=sysadmin)
                 print(
@@ -315,7 +315,7 @@ def print_room(room: Room):
 
     if args.rooms == ['+']:
         for sid in args.delete_moderators:
-            u = User(session_id=sid)
+            u = User(session_id=sid, try_blinding=True)
             was_admin = u.global_admin
             if not u.global_admin and not u.global_moderator:
                 print(f"{u.session_id} was not a global moderator")
@@ -332,7 +332,7 @@ def print_room(room: Room):
                 print(f"No such room: '{nsr.token}'", file=sys.stderr)
 
         for sid in args.delete_moderators:
-            u = User(session_id=sid)
+            u = User(session_id=sid, try_blinding=True)
             for room in rooms:
                 room.remove_moderator(u, removed_by=sysadmin)
                 print(f"Removed {u.session_id} as moderator/admin of {room.name} ({room.token})")

sogs/model/room.py

@@ -1045,21 +1045,33 @@ def set_moderator(self, user: User, *, added_by: User, admin=False, visible=True
             )
             raise BadPermission()
 
-        query(
-            f"""
-            INSERT INTO user_permission_overrides
-                (room, "user", moderator, {'admin,' if admin is not None else ''} visible_mod)
-            VALUES (:r, :u, TRUE, {':admin,' if admin is not None else ''} :visible)
-            ON CONFLICT (room, "user") DO UPDATE SET
-                moderator = excluded.moderator,
-                {'admin = excluded.admin,' if admin is not None else ''}
-                visible_mod = excluded.visible_mod
-            """,
-            r=self.id,
-            u=user.id,
-            admin=admin,
-            visible=visible,
-        )
+        with db.transaction():
+            need_blinding = False
+            if config.REQUIRE_BLIND_KEYS:
+                blinded = user.find_blinded()
+                if blinded is not None:
+                    user = blinded
+                else:
+                    need_blinding = True
+
+            query(
+                f"""
+                INSERT INTO user_permission_overrides
+                    (room, "user", moderator, {'admin,' if admin is not None else ''} visible_mod)
+                VALUES (:r, :u, TRUE, {':admin,' if admin is not None else ''} :visible)
+                ON CONFLICT (room, "user") DO UPDATE SET
+                    moderator = excluded.moderator,
+                    {'admin = excluded.admin,' if admin is not None else ''}
+                    visible_mod = excluded.visible_mod
+                """,
+                r=self.id,
+                u=user.id,
+                admin=admin,
+                visible=visible,
+            )
+
+            if need_blinding:
+                user.record_needs_blinding()
 
         if user.id in self._perm_cache:
             del self._perm_cache[user.id]
@@ -1107,23 +1119,31 @@ def ban_user(self, to_ban: User, *, mod: User, timeout: Optional[float] = None):
         primarily provided for testing.
         """
 
-        fail = None
-        if not self.check_moderator(mod):
-            fail = "user is not a moderator"
-        elif to_ban.id == mod.id:
-            fail = "self-ban not permitted"
-        elif to_ban.global_moderator:
-            fail = "global mods/admins cannot be banned"
-        elif self.check_moderator(to_ban) and not self.check_admin(mod):
-            fail = "only admins can ban room mods/admins"
-
-        if fail is not None:
-            app.logger.warning(f"Error banning {to_ban} from {self} by {mod}: {fail}")
-            raise BadPermission()
+        with db.transaction():
+            need_blinding = False
+            if config.REQUIRE_BLIND_KEYS:
+                blinded = to_ban.find_blinded()
+                if blinded is not None:
+                    to_ban = blinded
+                else:
+                    need_blinding = True
+
+            fail = None
+            if not self.check_moderator(mod):
+                fail = "user is not a moderator"
+            elif to_ban.id == mod.id:
+                fail = "self-ban not permitted"
+            elif to_ban.global_moderator:
+                fail = "global mods/admins cannot be banned"
+            elif self.check_moderator(to_ban) and not self.check_admin(mod):
+                fail = "only admins can ban room mods/admins"
+
+            if fail is not None:
+                app.logger.warning(f"Error banning {to_ban} from {self} by {mod}: {fail}")
+                raise BadPermission()
 
-        # TODO: log the banning action for auditing
+            # TODO: log the banning action for auditing
 
-        with db.transaction():
             query(
                 """
                 INSERT INTO user_permission_overrides (room, "user", banned, moderator, admin)
@@ -1152,6 +1172,9 @@ def ban_user(self, to_ban: User, *, mod: User, timeout: Optional[float] = None):
                     at=time.time() + timeout,
                 )
 
+            if need_blinding:
+                to_ban.record_needs_blinding()
+
         if to_ban.id in self._perm_cache:
             del self._perm_cache[to_ban.id]
 
@@ -1234,6 +1257,14 @@ def set_permissions(self, user: User, *, mod: User, **perms):
             raise BadPermission()
 
         with db.transaction():
+            need_blinding = False
+            if config.REQUIRE_BLIND_KEYS:
+                blinded = user.find_blinded()
+                if blinded is not None:
+                    user = blinded
+                else:
+                    need_blinding = True
+
             set_perms = perms.keys()
             query(
                 f"""
@@ -1250,6 +1281,9 @@ def set_permissions(self, user: User, *, mod: User, **perms):
                 upload=perms.get('upload'),
             )
 
+            if need_blinding:
+                user.record_needs_blinding()
+
         if user.id in self._perm_cache:
             del self._perm_cache[user.id]